Why Cloud Computing can be a pain or a big risk depending on the use case (money, ownership and more). Self-Hosting and Cloud need to work together.
Countries & Laws
Which company do you use? I’ll tell you whether you fall under the CLOUD Act (USA) or face another problem.
I’m not anti-GAFA or anti-USA. Sometimes we need to avoid potential risks, and the most important one is the CLOUD Act.
A lot of companies and people use AWS, Azure or GCP, but sometimes that is the major security risk.
Are you handling critical information or computation for your company? Is it your major product?
CLOUD Act: Clarifying Lawful Overseas Use of Data Act
United States federal law enacted in 2018 - H.R. 4943
It’s the weapon for obtaining remotely stored data from service providers through SCA warrants, as the SCA was written before cloud computing was a viable technology.
SCA: Stored Communications Act: 1986
CLOUD Act: 2018
U.S. data and communication companies must provide stored data for a customer or subscriber on any server they own and operate when requested by warrant.
They can refuse or challenge the request, but countries can have bilateral agreements. In that case, requested data relating to their citizens is provided in a streamlined manner.
But a lot of companies process these requests without challenging them, even in cases where it would be easy to do so.
Another thing… National/Industrial Security matter
This is not the CLOUD Act: in the USA, the NSA is the most important agency that can analyze data from US companies, and what about cloud providers?
We know about NSA backdoors in routers and more… There is still a risk that they can audit VMs.
For example, in France, Renater’s network is heavily inspected because it’s used by many universities, research centers & co.
Business is Business
GitHub is the first place to push our open source stuff, but is it the right solution for absolutely all source code?
If you’re not paying for the product, you are the product - Television Delivers People (1973)
Remember that if you’re not paying for a service or product that is important (or vital) to you, you’re the product, because your data is monetizable.
I use GitHub, GitLab and Bitbucket, but in the end my first place to work is still my server.
I worked in a French company and they used GitHub Enterprise Cloud for everything.
It was very stupid because all the core business was in GitHub’s datacenters, but mostly because of what happens in case of connectivity failure (example: a cut optical fiber).
You need to work out what the impact of a connectivity failure would be on your Git or any other tool you use to work, like Salesforce. You may be surprised.
What’s Cloud?
Cloud (noun): marketing label for virtualization
I’m not kidding: Cloud is virtualization and containerization, with a lot of bullshit about scaling, because you can do it yourself in your own datacenters.
Budget = pay more than before and more about ownership
Despite all the marketing about how you can reduce your costs, you end up on another path, more expensive than before.
You pay for your instances and services based on usage (running time, storage), but the most expensive part is… the network!
All network traffic from the internet to your instances/services is free of charge because it’s not costly for network operators, but you pay for all outbound traffic (from your instances/services to the internet)!
Do you back up your cloud database to another datacenter, or take a dump to develop locally? Welcome, you pay for the network used for it. Yes, you pay for all the outgoing traffic.
Do you back up your storage from the USA to Ireland? Welcome, you pay for that too. It’s not a joke, it’s the reality.
Do you see the dark side of cloud? Welcome, you’re locked in with your provider, and if you want to leave, you’ll pay for all the network traffic used to extract your data!
Ownership? You really are locked in: if you built a startup entirely in the cloud, you need to analyze the traffic cost of migrating, because it can be large depending on:
- file and object storage
- database dump
- software code: the dream of serverless
Cloud Provider SDK = vendor lock-in
Are you using serverless (lambda, speech to text & co)?
Do you use the SDK from your provider?
Welcome to vendor lock-in (Cloud version), because you can’t migrate easily.
Example: you use a lot of lambdas and your cloud provider offers a good SDK for its serverless solution, so you use it to save time.
In reality, you’re losing portability and ownership, and in the end you’ll pay a lot for it:
- developers need to work more to adapt the code (removing the SDK)
- time, because your developers are unavailable to work on fixes & more
- your mind, because you’re now paying for what you thought to be a good choice
Where is Availability?
Do you think that your cloud provider will apply the principle of Availability?
Are you using only one provider? It’s a SPOF!
You need to work with multiple cloud providers because, at this time, cloud providers don’t offer the ability to perform all the needed migration of your instances and the other services you use to another zone.
When you worked with different datacenters, you achieved availability with replication between the datacenters.
With AWS and others, you lose this basic and vital principle, and the same goes for backups, because you think that your cloud provider does it for you. That’s false! Stop dreaming and be aware that you need to do it yourself, unless you find a very premium cloud provider, and in that case don’t be surprised by the cost.
It’s time to stop right there; otherwise I’ll write a lot of things and I’ll lose you.
The current Cloud model should simply be forgotten, and very quickly, before the point of no return.
Where is your data? Are you doing backups? What’s the real cost of each backup?
The same thing happens with your drive; that’s why I have my own file/object storage. I know where my data is, who can access it, and I have a fixed cost.
I use CloudFlare and I like this cloud service.
What’s the most important risk in the actual schema? Not just money. We’re losing ownership! - sycured
Don’t be a fool: think about what you’re doing with your data.